proxmox/docs/03-deployment/INFRA_DEPLOYMENT_LOCKED_AND_LOADED.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

Infra Deployment: Locked and Loaded Checklist

Last Updated: 2026-02-05
Purpose: Confirm that everything (including optional tooling) is in place to deploy all necessary infrastructure to Proxmox VE, and what remains to unblock completion tasks.


Locked and loaded (repo and hosts)

The following are in place and ready for deployment. No further repo or template setup is required to run the deployment from a suitable host.

1. Templates on all Proxmox hosts

| Item | Status | Notes |
|------|--------|-------|
| File templates + scripts on ml110, r630-01, r630-02 | Done | scripts/push-templates-to-proxmox.sh run 2026-02-05 |
| Remote path | /opt/smom-dbis-138-proxmox/ | templates/, config/, scripts/, lib/, install/ |
| LXC OS templates (Debian 12, Ubuntu 22.04) | On all hosts | --download-templates run; r630-02 had Debian 12 downloaded |

Run Wave 0 from a machine without LAN: copy scripts to a Proxmox host and run there (host is on LAN):

```bash
bash scripts/run-via-proxmox-ssh.sh wave0 [--skip-backup] [--host 192.168.11.11]
```

Use --host 192.168.11.11 (r630-01) if NPMplus (VMID 10233) is on that host and the default host cannot reach NPMplus. Ensure NPM_URL in .env is reachable from the chosen host (e.g. https://192.168.11.167:81 if .166 is not reachable from the node).

Re-push or refresh:

```bash
bash scripts/push-templates-to-proxmox.sh
bash scripts/push-templates-to-proxmox.sh --download-templates
```

See PROXMOX_TEMPLATES_REFERENCE.md.

2. Dependencies (required + optional)

| Category | Status | Install |
|----------|--------|---------|
| Required (bash, curl, jq, openssl, ssh) | Checked by scripts | Default or apt install curl jq openssl openssh-client |
| Optional (sshpass, rsync, dnsutils, screen, tmux, htop, shellcheck, parallel, sqlite3) | Documented | sudo apt install -y sshpass rsync dnsutils iproute2 screen tmux htop shellcheck parallel sqlite3 |

Check: bash scripts/verify/check-dependencies.sh
Ref: 11-references/APT_PACKAGES_CHECKLIST.md § Automation / jump host, 01-getting-started/PREREQUISITES.md.

3. Scripts and automation

| Script / area | Purpose |
|---------------|---------|
| scripts/push-templates-to-proxmox.sh | Push templates + optional OS template download to all hosts |
| scripts/run-via-proxmox-ssh.sh | Copy scripts + .env to a Proxmox host and run Wave 0 / npmplus / backup via SSH (no LAN on your machine) |
| scripts/run-wave0-from-lan.sh | W0-1 (NPMplus RPC fix) + W0-3 (NPMplus backup) from LAN |
| scripts/bridge/run-send-cross-chain.sh | W0-2 sendCrossChain (real; needs PRIVATE_KEY, omit --dry-run) |
| scripts/security/setup-ssh-key-auth.sh | W1-1 SSH key auth |
| scripts/security/firewall-proxmox-8006.sh | W1-2 Firewall Proxmox API |
| scripts/secure-validator-keys.sh | W1-19 Validator key permissions (run on Proxmox host) |
| scripts/verify/backup-npmplus.sh | NPMplus backup |
| scripts/verify/verify-npmplus-running-and-network.sh | NPMplus: running, IP, gateway check |
| scripts/npmplus/fix-npmplus-ip-and-gateway.sh | NPMplus: set IP .167, gateway .1, start (run on r630-01) |
| scripts/validation/validate-ips-and-gateways.sh | Validate key IPs and gateway vs config/ip-addresses.conf |
| scripts/verify/run-full-connection-and-fastly-tests.sh | Full connection tests: validations, DNS, SSL, E2E, NPMplus FQDN+SSL, Fastly/origin 76.53.10.36 |
| scripts/maintenance/schedule-npmplus-backup-cron.sh | NPMplus backup cron (--show / --install) |
| scripts/maintenance/schedule-daily-weekly-cron.sh | Daily/weekly checks cron |
| scripts/backup/automated-backup.sh | Full automated backup |
| scripts/ccip/ccip-deploy-checklist.sh | CCIP env check + deployment order |
| scripts/deployment/phase4-sovereign-tenants.sh | Phase 4 steps (--show-steps / --dry-run) |
| smom-dbis-138-proxmox (on hosts) | deploy-phased.sh, pre-cache-os-template.sh, deploy-besu-nodes.sh, etc. |

4. Config and docs

| Item | Location |
|------|----------|
| Host IPs | config/ip-addresses.conf (ml110 .10, r630-01 .11, r630-02 .12) |
| Env template | .env.example (root and subprojects) |
| Step-by-step remaining work | 00-meta/REMAINING_WORK_DETAILED_STEPS.md |
| E2E task list + blockers | 00-meta/E2E_COMPLETION_TASKS_DETAILED_LIST.md |
| Wave 2/3 operator checklist | 00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md |
| Validation commands | run-all-validation, validate-config-files, validate-genesis, verify-end-to-end-routing, run-full-verification |

What still unblocks completion (operator / environment)

Deployment scripts and templates are ready. The following are environment or operator actions that unblock the actual run of Wave 0 → 2 → 3.

Run from a host that has

  1. Network: Access to LAN 192.168.11.x (for W0-1 NPMplus RPC fix, W0-3 backup, and SSH to Proxmox).
  2. SSH: Key-based or password-based SSH to root@192.168.11.10, .11, .12 (for push, security scripts, and deploy). Optional: sshpass if using password auth (see APT checklist).
  3. Secrets (as needed):
    • W0-2 (sendCrossChain): PRIVATE_KEY, LINK approved in .env.
    • W0-3 / W1-8 (NPMplus backup): NPM_PASSWORD in .env, NPMplus reachable.
    • Proxmox API (if used): PROXMOX_TOKEN_VALUE or password for API (e.g. MCP, some deploy paths).
    • CCIP (Wave 2/3): CCIP_ETH_ROUTER, CCIP_ETH_LINK_TOKEN, etc. per ccip-deploy-checklist.sh.
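
An added pre-flight check for the secrets listed above (not one of the repository's scripts): it confirms the .env is not accessible to group or other and that the keys a task needs are set, reading the file as text instead of sourcing it and never printing values. The function names, the 0600 policy and the task-to-key mapping (including NPM_URL for the backup tasks) are assumptions drawn from this checklist.

```bash
#!/usr/bin/env bash
# Added example, not a script from the repository. Task ids and key names come
# from the checklist; function names and the 0600 policy are assumptions.

required_keys() {  # keys a task needs, per "Secrets (as needed)"
  case "$1" in
    W0-2)      echo "PRIVATE_KEY" ;;
    W0-3|W1-8) echo "NPM_PASSWORD NPM_URL" ;;
    CCIP)      echo "CCIP_ETH_ROUTER CCIP_ETH_LINK_TOKEN" ;;
    *)         return 2 ;;
  esac
}

# True if KEY has a non-empty value. Parses the file as text (handles
# "export KEY=", quotes, last assignment wins) instead of sourcing it.
env_value_set() {  # $1=file $2=key
  sed -n "s/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}$2[[:space:]]*=[[:space:]]*//p" "$1" |
    tail -n 1 | tr -d "\"'" | grep -q '[^[:space:]]'
}

# Prints one line per problem (never a secret value); returns 0 only if clean.
check_env_for_task() {  # $1=.env path $2=task id
  file=$1 task=$2 rc=0
  [ -f "$file" ] || { echo "missing: $file"; return 1; }
  keys=$(required_keys "$task") || { echo "unknown task: $task"; return 2; }
  # Characters 5-10 of the ls mode string are the group/other bits.
  perms=$(ls -ld -- "$file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "perms: $file is accessible to group/other (chmod 600)"
    rc=1
  fi
  for k in $keys; do
    env_value_set "$file" "$k" || { echo "unset: $k"; rc=1; }
  done
  return "$rc"
}

demo() {  # constructed sample .env: placeholder key, empty NPM_PASSWORD
  d=$(mktemp -d) || return 1
  printf '%s\n' 'export PRIVATE_KEY="0xPLACEHOLDER"' 'NPM_PASSWORD=' \
    'NPM_URL=https://192.168.11.167:81' > "$d/.env"
  chmod 644 "$d/.env"; check_env_for_task "$d/.env" W0-3 || true
  chmod 600 "$d/.env"; check_env_for_task "$d/.env" W0-2 && echo "W0-2: ok"
  rm -rf "$d"
}
demo
```

Run it against the same .env that scripts/run-via-proxmox-ssh.sh copies to the Proxmox host, since that copy carries the secrets with it.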

Execution order to unblock

  1. Wave 0 (from LAN):
    bash scripts/run-wave0-from-lan.sh
    Then W0-2 when ready: bash scripts/bridge/run-send-cross-chain.sh <amount> [recipient] (no --dry-run).
  2. Wave 1 (security/backup/cron):
    SSH/firewall (W1-1, W1-2), secure-validator-keys (W1-19), backup + cron install (W1-8) from the same host or Proxmox.
  3. Wave 2 / Wave 3:
    Follow WAVE2_WAVE3_OPERATOR_CHECKLIST.md and REMAINING_WORK_DETAILED_STEPS.md from a host with Proxmox/SSH access.

Pre-flight (run anytime)

From project root, on the machine you will use for deployment (or any machine to verify repo side):

```bash
# Dependencies (required + optional report)
bash scripts/verify/check-dependencies.sh

# Config and validation
bash scripts/validation/validate-config-files.sh
bash scripts/verify/run-all-validation.sh

# Optional: dry-run push (requires SSH to hosts)
bash scripts/push-templates-to-proxmox.sh --dry-run
```

If you have LAN + SSH: run scripts/push-templates-to-proxmox.sh (and --download-templates if needed) once to ensure all three hosts have the latest templates and OS images.


Summary

| Question | Answer |
|----------|--------|
| Are all necessary templates and scripts in the repo and on the Proxmox hosts? | Yes. Templates and scripts are pushed to ml110, r630-01, r630-02. OS templates (Debian 12, Ubuntu 22.04) are on all hosts. |
| Are required and optional dependencies documented and installable? | Yes. check-dependencies.sh; APT_PACKAGES_CHECKLIST § Automation; PREREQUISITES. |
| Is everything locked and loaded so we can deploy infra and unblock completion tasks? | Yes, from the repo/host side. To actually run deployment and unblock W0→W2→W3, run from a host with LAN access, SSH to Proxmox, and the credentials above. |

Single reference for remaining steps: 00-meta/REMAINING_WORK_DETAILED_STEPS.md.